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AMENDMENTS TO THE CLAIMS 

The listing of claims will replace all prior versions, and listings, of claims in 
the appUcation: 

Listing of Claims: 

1 . (Previously presented) A method of processing an undeniable digital signature, 
comprising the steps of: 

(a) generating public keys (D, P, k, t) and secret keys (Dl, q) at a signer side, by 

generating two primes p, q (p, q > 4, p 3 mod 4, J— < q\ conqniting Dl =^ -p and D = 



Dlq?, obtaining a bit length k of ' and a bit length t of q-(Dl/q) where (Dl/q) denotes 

Kronecker symbol, and generating a kernel element P of a map from a class group Cl(l>) to a 
class group Cl(Dl); 

(b) generating a signature S for a message m at the signer side, by embedding the 
message m into a message ideal M in the class group C1(D) where a norm of the message 
ideal M is larger than k+1 bits, and mapping the message ideal M to the class group C1(D1) 
and pulling the mapped message ideal M back to the class group C1(D); and 

(c) verifying the signature S by: 

(cl) checking whether a normN(S) of the signature S received from the signer 
side is smaller than k bits or not, and judging that the signature S is illegal when the norm 
N(S) is larger than k bits, or generating a challenge C when the norm N(S) is not larger than 
k bits, by confuting the message ideal M of the message m, generating a random integer r 
smaller than t bits, computing H = (M/S/, generating a random ideal B whose norm is 
smaller than k-1 bits, and computing the challenge C - BH, at a verifier side; 

(c2) computing a response W by mapping the challenge C received from the 
verifier side to the class group C1(D1) and pulling the mapped challenge C back to the class 
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group C1(D) and squaring a result of mapping and pulling back, using flie secret keys (D 1 , q), 
at die signer side; and 

(c3) checking whether W = holds or not by using the response W received fix>m 
the signer side, and judging that the signature S is legal when W = holds or that the 
signature S is illegal otherwise, at the verifier side. 

2, (Original) A signer device for processing an undeniable digital signature, 
comprising: 

a key generation unit for generating public keys (D, P, k, t) and secret keys (Dl , q), by 



generating two primes p, q (p, q > 4, p = 3 mod 4, < q), computing Dl = -p and D = 



Dlq^, obtaining a bit length k of — — and a bit length t of q-(Dl/q) where (Dl/q) denotes 

4 

Kronecker symbol, aod generating a kemel element P of a map fi-om a class group C1(D) to a 
class group C1(D1); 

a signature generation unit for generating a signature S for a message m, by embedding 
the message m into a message ideal M in the class group Q(D) where a norm of the message 
ideal M is larger than k+1 bits, and mapping the message ideal M to the class group Cl(Dl) 
and pulling the mapped message ideal M back to the class group C1(D); and 

a response generation unit for receiving a challenge C = BH fi-om a verifier side, where B 
is a random ideal whose norm is smaller than k-1 bits, H = (M/S) ^ and r is a random integer 
smaller than t bits, computing a response W by mapping the challenge C to the class group 
C1(D1) and pulling the mapped challenge C back to the class group C1(D) and squaring a 
result of mapping and pulling back, using the secret keys (Dl, q), and sending the response 
W to the verifier side, in a process for verifying the signature S. 

3. (Previously presented) A verifier device for processing an undeniable digital 
signature, using a message m and a signature S for the message m received fi-om a signer 
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side, where public keys (D, P, k, t) and secret keys (Dl, q) are defined by generating two 
primes p> q (p, q > 4, p = 3 rood 4, J— < q) ,conputing Dl = -p and D = Dlq^ obtaining a 



and generating a kernel element P of a map from a class group C1(D) to a class group Q(D 1), 
and the signature S is generated by embedding the message m into a message ideal M in the 
class group C1(D) where a norm of the message ideal M is larger than k+1 bits, and mapping 
the message ideal M to the class group C1(D1) and pulling the mapped message ideal M back 
to the class group C1(D), the verifier device comprising: 

a norm checking imit for checking whether a norm N(S) of the signature S is smaller than 
k bits or not, and judging that the signature S is illegal when the norm N(S) is larger than k 
bits; 

a challenge generation unit for generating a challenge C when the nomi N(S) is not larger 
than k bits, by computing the message ideal M of the message m, generating a random 
integer r smaller than t bits, computing H = (M/S)^ generating a random ideal B whose norm 
is smaller than k-1 bits, and con^mting a challenge C = BH, and for sending the challenge C 
to the signer side; and 

a response checking unit for receiving a response W from the signer side, checking 
whether W = B^ holds or not, and judging that the signature S is legal when W B^ holds or 
that the signature S is illegal otherwise, where the response W being obtained by moping 
the challenge C to the class group C1(D1) and pulling the mapped challenge C back to the 
class group C1(D) and squaring a result of mapping and pulling back, using the secret keys 



4. (Original) A con^uter usable medium having connputer readable program codes 
embodied therein for causing a computer to frmction as a signer device for processing an 
undeniable digital signature, the computer readable program codes including: 




bit length k of 



and a bit length t of q-(Dl/q) where (Dl/q) denotes Kronecker symbol, 



(Dl,q). 
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r 

a first conq)Uter readable program code for causing said computer to generate public keys 
(D, P, k, t) and secret keys (Dl, q), by generating two primes p, q (p, q > 4, p 3 mod 4, 

< q) . computing Dl = -p and D = Dlq^, obtaining a bit length k of and a bit 
V 3 4 

length t of q-(Dl/q) where (Dl/q) denotes Kronecker symbol, and generating a kernel 

element P of a map from a class group C1(D) to a class group C1(D1); 

a second computer readable program code for causing said conq>uter to generate a 
signature S for a message m, by embedding the message m into a message ideal M in the 
class group C1(D) where a nomi of the message ideal M is larger than k+1 bits, and mapping 
the message ideal M to the class group Cl(Dl) and pulling the mapped message ideal M back 
to the class group C1(D); and 

a third corr^uter readable program code for causing said contputer to receive a challenge 
C = BH from a verifier side, where B is a random ideal whose norm is smaller than k-1 bits, 
H = (M/Sy, and r i$ a random integer smaller than t bits, con^mte a response W by mapping 
the challenge C to the class group C1(D1) and pulling the mapped challenge C back to the 
class group C1(D) and squaring a result of mapping and pulling back, using the secret keys 
(Dl, q), and send flie response W to the verifier side, in a process for verifying the signature 
S. 

5, (Previously presented) A computer usable medium having contputer readable 
program codes embodied therein for causing a computer to flinction as a verifier device for 
processing an undeniable digital signature, using a message m and a signature S received 
fix^ra a signer side, where public keys (D, P, k, t) and secret keys (Dl, q) are defined by 

generating two primes p, q (p, q > 4, p = 3 mod 4, ^ < q), computing Dl = -p and D = 
Dlq^, obtaining a bit length k of and a bit length t of q-(Dl/q) where (Dl/q) denotes 
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Kronecker symbol, and generating a kernel element P of a map from a class group Cl(D) to a 
class group Cl(Dl), and the signature S for the message m is generated by embedding the 
message m into a message ideal M in the class group C1(D) where a norm of the message 
ideal M is larger than k+1 bits, and mapping the message ideal M to the class group C1(D1) 
and puUing the mapped message ideal M back to the class group C1(D), the con^uter 
readable program codes including: 

a first coroputer readable program code for causing said computer to check whether a 
norm N(S) of the signature S is smaller than k bits or not, and judge that the signature S is 
illegal when the norm N(S) is larger than k bits; 

a second computer readable program code for causing said computer to generate a 
challenge C when the norm N(S) is not larger than k bits, by computing the message ideal M 
of the message m, generating a random integer r smaller than t bits, computing H = (M/sy, 
generating a random ideal B whose norm is smaller than k-1 bits, and computing the 
challenge C = BH, and send the challenge C to the signer side; and 

a third computer readable program code for causing said computer to receive a response 
W from the signer side, check whether W = B^ holds or not, and judge that the signature S is 
legal when W = holds or that the signature S is illegal otherwise, where the response W 
being obtained by mapping the challenge C to the class group C1(D1) and pulling the mapped 
challenge C back to the class group C1(D) and squaring a result of mapping and pulling back, 
using the secret keys (Dl, q), 

6.-7, (Cancelled), 

8. (Previously presented) A method for providing a software vending service, 
conqjrising the steps of: 

(a) attaching a signature S to a software offered for downloading by chents at a 
software vendor side, according to an undeniable digital signature scheme, wherein the step 
(a) further includes the steps of: 
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(al) generating public keys (D, P, k, t) and secret keys (Dl, q) at the software 



vendor side, by generating two primes p, q (p, q > 4, p = 3 mod 4, < g)y computing Dl = 

-p and D = Dlq , obtaining a bit length k of — — - and a bit length t of q-(DI/q) where (Dl/q) 

4 

denotes Kronecker sjmibol, and generating a kernel element P of a map firom a class group 
C1(D) to a class group Cl(Dl); and 

(a2) generating the signature S for a message m representing the software at 
the software vendor side, by embedding the message m into a message ideal M in the class 
group C1(D) where a norm of the message ideal M is larger than fc+'l bits, and mapping the 
message ideal M to the class group Cl(Dl) and pulling die mapped message ideal M back to 
the class group C1(D); and, 

(b) verifying the signature S a client side which has. downloaded the software with 
the signature S attached thereto interactively with the software vendor side, so as to prove 
that the software has not been altered from an original, wherein the step (b) further includes 
the steps of: 

(bl) checking whether a norm N(S) of the signature S received from the 
software vendor side is smaller than k bits or not, and judging that the signature S is illegal 
when the norm N(S) is larger than k bits, or generating a challenge C when the noon N(S) is 
not larger than k bits, by computing the message ideal M of the message m, generating a 
random integer r smaller than t bits, computing H = (M/sy, generating a random ideal B 
whose norm is smaller than k-1 bits, and computing the challenge C ^ BH, at the client side; 

(b2) conq)uting a response W by mapping the challenge C received from the 
client side to the class group C1(D1) and pulling the mapped challenge C back to the class 
group C1(D) and squaring a result of mapping and pulling back, using the secret keys (D 1 , q), 
at the software vendor side; and 
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(b3) checking whether W = holds or not by using the response W received 



from the softvvare vendor side, and judging that the signature S is legal when W = holds 
or that the signature S is illegal otherwise, at the client side. 

9- (Previously presented) The method of claim 8, wherein the step (a) attaches the 
signature S using different sets of public keys and secret keys for different kinds of software. 

10.-12. (Cancelled). 

13. (Previously presented) A method for enabling a user side to check authenticity 
of an e-commerce/information service provider, comprising the steps of: 

(a) obtaining public keys (D, P, k, t), secret keys (Dl, q), and a signature S for the 
public keys from a certificate authority side at the e-conunerce/information service provider, 
the signature being generated by the certificate authority side according to an undeniable 
digital signature scheme, wherein the step (a) further includes the steps of: 



side, by generating two primes p, q (p, q > 4, p = 3 mod 4, J— < q% computing Dl = -p and 



D = Dlq^, obtaining a bit length k of ^^^—^ and a bit length t of q-(Dl/q) where (Dl/q) 

denotes Kronecker symbol, and generating a kernel element P of a map from a class group 
a(D) to a class group a(Dl); and 



side, by embedding the public keys into a message ideal M in the class group C1(D) where a 
norm of the message ideal M is larger than k+1 bits, and mapping the message ideal M to the 
class group C1(D1) and pulling the mapped message ideal M back to the class group C1(D); 

(b) providing the public keys and the signature S from the e-commerce/information 
service provider to the user side, such that the user side carries out a process of verifying the 



(al) generating the public keys and the secret keys at the certificate authority 





(a2) generating the signature S for the public keys at the certificate authority 
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signature S provided from the e-commerce/information service provider to the user side, 
interactively with the certificate authority side to prove authenticity of the public keys 
provided by the e-commerce/information service provider, wherein the step (b) further 
includes the steps of: 

(bl) checking whether a norai N(S) of the signature S received from the 
certificate authority side is smaller than k bits or not, and judging that the signature S is 
illegal when tihe norm N(S) is larger than k bits, or generating a challenge C when the norm 
N(S) is not larger than k bits, by computing the message ideal M of the public keys, 
generating a random integer r smaller than t bits, computing H =^ (M/Sy, generating a random ' 
ideal B whose norm is smaller than k-1 bits, and con5}Uting the challenge C = BH, at the user 
side; 

Cb2) con^mting a response W by m^ing the challenge C received from the 
user side to the class group C1(D1) and pulling the mapped challenge C back to the class 
group CI(D) and squaring a result of mapping and pulling back, using the secret keys (Dl, q), 
at the certificate authority side; and 

(b3) checking whether W - holds or not by using the response W received 
from the certificate authority side, and judging that the signature S is legal when W = 
holds or that the signature S is illegal otherwise, at the user side; and 

(c) receiving an encrypted random data from the user side, the encrypted random data 
being encrypted by the user using the public keys, decrypting the encrypted random data 
using the secret keys, and returning a decrypted random data to the user side, such that the 
user side checks if the decrypted random data coincides with an original random data to 
prove tiiat the e-commerce/information service provider has authentic secret keys, 

14.-16, (Cancelled). , 

17. (Previously presented) A method for enabling a user side to check authenticity 
of an e-commerce/information service provider, comprising the steps of: 
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(a) issuing public keys (D, P, k, t), secret keys (Dl , q), and a signature S for the 
public keys from a certificate authority side to the e-commerce/information service provider, 
the signature S being generated according to an undeniable digital signature scheme, wherein 
the step (a) further includes the steps of: 

(al) generating the public keys and the secret keys at the certificate authority 

side, by generating two primes p, q (p, q > 4, p = 3 mod 4, ^ < ^, computing Dl = -p and D 

« Dlq , obtaining a bit length k of and a bit length t of q-(Dl/q) where (Dl/q) denotes 

Kronecker symbol, and generating a kernel element P of a map from a class group C1(D) to a 
class group C1(D1); and 

(a2) generating the signature S for the public keys at the certificate authority 
side, by embedding the public keys into a message ideal M in the class group C1(D) where a 
nomi of the message ideal M is larger than k+1 bits, and mapping the message ideal M to the 
class group Cl(Dl) and pulling the mapped message ideal M back to the class group CI(D); 
and 

(b) verifying the signature S provided from the e-commerce/information service 
provider to the user side, at the certificate authority side interactively with the user side in 
order to prove authenticity of the public keys provided by the e-commerce/information 
service provider, wherein the step (b) ftirther includes the steps of: 

(bl) checking whether a norm N(S) of the signature S received from the 
certificate authority side is smaller than k bits or not, and judging that the signature S is 
illegal when the noon N(S) is larger than k bits, or generating a challenge C when the norm 
N(S) is not larger than k bits, by computing the message ideal M of the public keys, 
generating a random integer r smaller than t bits, computing H = (M/S/, generating a random 
ideal B whose norm is smaller than k-1 bits, and conq^uting the challenge C = BH, at the user 
side; 
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(hi) computing a response W by mapping the challenge C received jfrom the 
user side to the class group a(Dl) and pulling the mapped challenge C back to the class 
group C1(D) and squaring a result of mapping and pulling back, using the secret keys (Dl, q), 
at the certificate authority side; and 

(b3) checking whether W = JB^ holds or not by using the response W received 
from the certificate authority side, and judging that the signature S is legal when W = 
holds or that the signature S is illegal otherwise, at the user side. 



18.-20. (Cancelled). 

21 . (Currently amended) A method for enabling a user side to check authenticity 
of an e-commerce/information service provider, comprising the steps of: 

(a) generating a signature S for a hash value of a home page of the e- 
commerce/information service provider at a certificate authority according to an undeniable 
digital signature scheme, wherein the step (a) fijrther includes the steps of: 

(al) generating pubhc keys (D, P, k, t) and secret keys (Dl , q) at the 

certificate authority, by generating two primes p, q (p, q > 4, p = 3 mod 4^, ^ 

computing Dl = -p and D = Dlq^, obtaining a bit length k of and a bit length t of q- 

4 

(Dl/q) where (Dl/q) denotes Kronecker symbol, and generating a kernel element P of a map 
from a class group Q(D) to a class group C1(D1); and 

(a2) generating the signature S for the hash value of the home page at the 
certificate autiiority, by embedding the hash value of the home page into a message ideal M 
in the class group C1(D) where a norm of the message ideal M is larger than k+1 bits, and 
mapping the message ideal M to the class group Cl(Dl) and pulling the mapped message 
ideal M back to the class group C1(D); 
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(b) posting the signature on a display of the home page of the e- 
commerce/inforaiation service provider at a user side from the certificate authority side, such 
that the user side can initiate a process of verifying the signature by clicking the signature on 
the displays and 

(c) verifying the signature S at the certificate authority side interactively with the user 
side in order to prove authenticity of the e-commerce/information service provider, wherein 
the step (c) further includes the steps of: 

(cl) checking whether a norm N(S) of the signature S received from the 
certificate authority side is smaller than k bits or not, and judging that the signature S is 
illegal when the norm N(S) is larger than k bits, or generating a challenge C when the norm 
N(S) is not larger than k bits, by computing the message ideal M of the public keys, 
generating a random integer r smaller than t bits, computing H = (M/Sy, generating a random 
ideal B whose norm is smaller than k-1 bits, and computing the challenge C = BH, at the user 
side; 

(c2) coniputing a response W by mapping the challenge C received from the 
user side to the class group C1(D1) and pulling the mapped challenge C back to the class 
group C1(D) and squaring a result of mapping and pulling back, using the secret keys (Dl, q), 
at the certificate authority side; and 

(c3) checking whether W = holds or not by using the response W received from the 
certificate authority side, and judging that the signature S is legal when W = B^ holds or that 
the signature S is illegal otherwise, at the user side. 
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If there are any issues that can be resolved via a telephone conference, the Examiner 
is invited to contact Brenda Holmes at 404.685.6799. 



KILPATRICK STOCKTON LLP 
1 TOO Peachtree Street, Suite 2800 
Atlanta, Georgia 30309-4530 
Telephone: (404)815-6500 
Facsimile: (404)815-6555 
Our Docket: 44471-234055 



CONCLUSION 



Respectfully submitted, 




By: Brenda O. Holmes 
Reg. No. 40,339 
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